Posted to bugs@httpd.apache.org by bu...@apache.org on 2021/03/18 10:01:39 UTC
[Bug 65193] New: <Files> directive does not only match the basename
https://bz.apache.org/bugzilla/show_bug.cgi?id=65193
Bug ID: 65193
Summary: <Files> directive does not only match the basename
Product: Apache httpd-2
Version: 2.4.46
Hardware: PC
OS: Linux
Status: NEW
Severity: normal
Priority: P2
Component: Core
Assignee: bugs@httpd.apache.org
Reporter: markjenkins@mailfish.de
Target Milestone: ---
The documentation says that <Files> is "applied to any object with a basename
(last component of filename) matching the specified filename". This does not
always seem to be the case.

Consider this configuration:

    DocumentRoot /var/www/html
    # Deny access to "hidden" files
    <Files ".*">
        Require all denied
    </Files>

Assume that /var/www/html/.well-known does not exist.
Then the request "GET /.well-known/security.txt" returns 403 Forbidden instead
of the expected 404 Not Found although .well-known is not the basename of the
requested file.
If /var/www/html/.well-known/ exists, but
/var/www/html/.well-known/security.txt does not, we get the expected 404 Not
Found.
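
Added example, not part of the original report and not httpd source code: a simplified Python model of one explanation consistent with the statuses reported above. It assumes that path resolution stops at the first component missing on disk and that the <Files> pattern is then tested against the basename of the path resolved so far; the function names and the temporary document root are constructed for illustration.

```python
import fnmatch
import os
import tempfile


def resolve(docroot, uri):
    """Walk the URI one component at a time and stop at the first component
    that is missing on disk. Returns (filename, path_info, exists)."""
    filename = docroot
    parts = [p for p in uri.split("/") if p]
    for i, part in enumerate(parts):
        filename = os.path.join(filename, part)
        if not os.path.exists(filename):
            rest = parts[i + 1:]
            return filename, ("/" + "/".join(rest)) if rest else "", False
    return filename, "", True


def status(docroot, uri, files_pattern=".*"):
    """Model of: <Files files_pattern> Require all denied </Files>.
    Assumption: the pattern is tested against basename(filename) as resolved."""
    filename, _path_info, exists = resolve(docroot, uri)
    if fnmatch.fnmatchcase(os.path.basename(filename), files_pattern):
        return 403
    return 200 if exists else 404


def report_cases():
    """Replay the report's request against constructed document roots."""
    uri = "/.well-known/security.txt"
    results = {}
    with tempfile.TemporaryDirectory() as root:
        # Case from the report: .well-known does not exist.
        results["dir_missing"] = status(root, uri)
        # Case from the report: .well-known exists, security.txt does not.
        os.mkdir(os.path.join(root, ".well-known"))
        results["dir_exists_file_missing"] = status(root, uri)
        # Documented basename rule: security.txt itself is not a dotfile.
        open(os.path.join(root, ".well-known", "security.txt"), "w").close()
        results["file_exists"] = status(root, uri)
        # Control: a missing non-hidden file is a plain 404.
        results["plain_missing"] = status(root, "/missing.txt")
    return results


if __name__ == "__main__":
    for case, code in report_cases().items():
        print(f"{case}: {code}")
```

In this model the 403 in the first case comes from ".well-known" being the last resolved component, which is why creating the directory changes the answer to 404.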